Faced with depleted reserves and having been hit with sanctions aimed at its illegal nuclear weapons program, North Korean hackers have a new strategy for growing the country’s cash reserves — steal crypto holdings from individual investors.

According to a report from the South China Morning Post (SCMP), the option to target individuals who hold cryptocurrencies is a departure from their usual model of penetrating high-value financial institutions and centralized crypto exchanges.

To steal their victims’ digital assets, hackers send unsuspecting victims an email with infected file attachments. Once the victim downloads the files, a malicious script infects the computer and takes total control of the machine. From then on, they can do serious damage.

The SCMP quoted the founder of the cyber warfare research group IssueMakersLab, Simon Choi, who confirmed the change in the modus operandi of North Korean hackers. He argued that the shift from targeting exchanges and trading platforms to attacking individuals was most likely due to the upgraded security protocols that crypto exchanges platforms have been able to implement in the past few months.

“Direct attacks on exchanges have become harder, so hackers are thinking about alternatively going after individual users with weak security. They targeted staff at the exchanges, but now they are attacking cryptocurrency users directly. With the US, the UN and others imposing sanctions on the North Korean economy, North Korea is in a difficult position economically, and cryptography has come to be seen as a good opportunity.”

Kwon Seo-Chul, the CEO of Cuvepia, told SCMP that his firm had found over 30 instances where North Korean hackers had preyed on innocent cryptocurrency investors.

“They are just simple wallet users investing in cryptocurrency. In fact, when cryptocurrencies are hacked, there is nowhere one can make complaints, so hackers are increasingly hacking into cryptocurrencies,” Kwon explained.

Source: Shutterstock

Choi also added that most of the targets of these attacks had been the wealthy South Koreans, as the attackers “believe that if they target CEOs of wealthy firms and heads of organizations,” they can cash out large sums faster. With the advent of retail custody solutions and hardware wallets, it is amazing that these kind of attacks are still prevalent.

Explaining why it seems easy for these hackers to target individual crypto investors and get away with it, Kwon explained:

“When cryptocurrency wallets are hacked, there is nowhere one can make complaints, so hackers are increasingly hacking into digital currency accounts. Some of the attacks are carried out by sending the victims an email with infected file attachments.”

North Korea has been profiting from cryptocurrencies for a while now. In September, a report on Asia Times said Pyongyang was using cryptocurrencies to evade US sanctions. The report quoted former NSA cybersecurity official Priscilla Moriuchi who said the state was earning millions of dollars on a regular basis from its mining and crypto trading activities.

“North Korea has pursued other avenues for obtaining cryptocurrencies as well, including mining of both bitcoin and Monero, ransom paid in bitcoin from the global WannaCry attack in May and even commissioning a cryptocurrency class for North Korean students in November.”